CVE-2026-48163

EUVD-2026-36519
MariaDB server is a community-developed fork of MySQL server. In versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, the donor node interpolates parameters sent by the joiner into a command line during a state snapshot transfer (SST). Not all of these parameters were properly validated, which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the rsync SST method. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
OS Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8 HIGH | NETWORK | HIGH | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 21%
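Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| mariadb | bookworm | | vulnerable |
| mariadb | forky | | vulnerable |
| mariadb | sid | 1:11.8.8-1 | fixed |
| mariadb | trixie | | vulnerable |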
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libmariadbd-devel | suse enterprise sap 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd-devel | suse enterprise sap 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd-devel | suse enterprise sap 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| libmariadbd-devel | suse enterprise server 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd-devel | suse enterprise server 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd-devel | suse enterprise server 15 SP6 | 10.11.18-150600.4.20.1 | fixed |
| libmariadbd-devel | suse enterprise server 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| libmariadbd19 | suse enterprise sap 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd19 | suse enterprise sap 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd19 | suse enterprise sap 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| libmariadbd19 | suse enterprise server 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd19 | suse enterprise server 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| libmariadbd19 | suse enterprise server 15 SP6 | 10.11.18-150600.4.20.1 | fixed |
| libmariadbd19 | suse enterprise server 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb | suse enterprise sap 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb | suse enterprise sap 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb | suse enterprise sap 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb | suse enterprise server 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb | suse enterprise server 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb | suse enterprise server 15 SP6 | 10.11.18-150600.4.20.1 | fixed |
| mariadb | suse enterprise server 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb-client | suse enterprise sap 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-client | suse enterprise sap 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-client | suse enterprise sap 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb-client | suse enterprise server 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-client | suse enterprise server 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-client | suse enterprise server 15 SP6 | 10.11.18-150600.4.20.1 | fixed |
| mariadb-client | suse enterprise server 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb-errormessages | suse enterprise sap 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-errormessages | suse enterprise sap 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-errormessages | suse enterprise sap 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb-errormessages | suse enterprise server 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-errormessages | suse enterprise server 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-errormessages | suse enterprise server 15 SP6 | 10.11.18-150600.4.20.1 | fixed |
| mariadb-errormessages | suse enterprise server 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb-tools | suse enterprise sap 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-tools | suse enterprise sap 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-tools | suse enterprise sap 15 SP7 | 11.8.8-150700.3.15.1 | fixed |
| mariadb-tools | suse enterprise server 15 SP4 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-tools | suse enterprise server 15 SP5 | 10.6.27-150400.3.46.1 | fixed |
| mariadb-tools | suse enterprise server 15 SP6 | 10.11.18-150600.4.20.1 | fixed |
| mariadb-tools | suse enterprise server 15 SP7 | 11.8.8-150700.3.15.1 | fixed |